Vulnerabilities > Mobileiron > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-29 | CVE-2021-3391 | Unspecified vulnerability in Mobileiron Mobile@Work MobileIron Mobile@Work through 2021-03-22 allows attackers to distinguish among valid, disabled, and nonexistent user accounts by observing the number of failed login attempts needed to produce a Lockout error message | 5.0 |
| 2020-07-07 | CVE-2020-15507 | Information Exposure vulnerability in Mobileiron products An arbitrary file reading vulnerability in MobileIron Core versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to read files on the system via unspecified vectors. | 5.0 |
| 2020-01-08 | CVE-2014-1409 | XML Injection (aka Blind XPath Injection) vulnerability in Mobileiron Sentry and Virtual Smartphone Platform MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords | 6.4 |
| 2014-09-15 | CVE-2014-5903 | Cryptographic Issues vulnerability in Mobileiron Mobile@Work 6.0.0.1.12R The Mobile@Work (aka com.mobileiron) application 6.0.0.1.12R for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |